snowball/igloo-kernel.git/security, branch master-2010-07-06

KEYS: Return more accurate error codes

2010-05-17T22:50:55+00:00

We were using the wrong variable here so the error codes weren't being returned properly. The original code returns -ENOKEY. Signed-off-by: Dan Carpenter Signed-off-by: David Howells Signed-off-by: James Morris

LSM: Add __init to fixup function.

2010-05-16T23:27:20+00:00

register_security() became __init function. So do verify() and security_fixup_ops(). Signed-off-by: Tetsuo Handa Signed-off-by: James Morris

TOMOYO: Add pathname grouping support.

2010-05-16T23:25:57+00:00

This patch adds pathname grouping support, which is useful for grouping pathnames that cannot be represented using /\{dir\}/ pattern. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris

ima: remove ACPI dependency

2010-05-16T23:21:58+00:00

The ACPI dependency moved to the TPM, where it belongs. Although IMA per-se does not require access to the bios measurement log, verifying the IMA boot aggregate does, which requires ACPI. This patch prereq's 'TPM: ACPI/PNP dependency removal' http://lkml.org/lkml/2010/5/4/378. Signed-off-by: Mimi Zohar Reported-by: Jean-Christophe Dubois Acked-by: Serge Hallyn Tested-by: Serge Hallyn Signed-off-by: James Morris

security/selinux/ss: Use kstrdup

2010-05-16T23:00:27+00:00

Use kstrdup when the goal of an allocation is copy a string into the allocated region. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // @@ expression from,to; expression flag,E1,E2; statement S; @@ - to = kmalloc(strlen(from) + 1,flag); + to = kstrdup(from, flag); ... when != \(from = E1 \| to = E1 \) if (to==NULL || ...) S ... when != \(from = E2 \| to = E2 \) - strcpy(to, from); // Signed-off-by: Julia Lawall Acked-by: Eric Paris Signed-off-by: James Morris

TOMOYO: Use stack memory for pending entry.

2010-05-10T07:59:02+00:00

Use stack memory for pending entry to reduce kmalloc() which will be kfree()d. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris

Revert "ima: remove ACPI dependency"

2010-05-06T23:20:03+00:00

This reverts commit a674fa46c79ffa37995bd1c8e4daa2b3be5a95ae. Previous revert was a prereq. Signed-off-by: James Morris

KEYS: Do preallocation for __key_link()

2010-05-06T12:25:02+00:00

Do preallocation for __key_link() so that the various callers in request_key.c can deal with any errors from this source before attempting to construct a key. This allows them to assume that the actual linkage step is guaranteed to be successful. Signed-off-by: David Howells Signed-off-by: James Morris

Merge branch 'master' into next

2010-05-06T12:21:04+00:00

Conflicts: security/keys/keyring.c Resolved conflict with whitespace fix in find_keyring_by_name() Signed-off-by: James Morris

TOMOYO: Use mutex_lock_interruptible.

2010-05-06T03:19:18+00:00

Some of TOMOYO's functions may sleep after mutex_lock(). If OOM-killer selected a process which is waiting at mutex_lock(), the to-be-killed process can't be killed. Thus, replace mutex_lock() with mutex_lock_interruptible() so that the to-be-killed process can immediately return from TOMOYO's functions. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris